专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090204978A1 SYNCHRONIZING SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE 有权
标题翻译：同步分割用户模式/ KERNEL模式设备驱动程序架构
公开(公告)号：US20090204978A1
公开(公告)日：2009-08-13
申请号：US12027274
申请日：2008-02-07
申请人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
发明人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
IPC分类号： G06F13/24 , G06F9/54
CPC分类号： G06F9/4812 , G06F9/545
摘要： A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module.
摘要翻译：设备驱动程序包括内核模式和用户模式模块。设备驱动程序可以在用户模式下操作时访问设备寄存器，以提高系统稳定性，同时在中断时从系统提供低延迟软件响应。设备驱动程序可以包括加载到操作系统中的内核存根，并且可以是写入的特定于设备的代码。存根可以由反射器调用来处理由存根捕获的异常。当用户模式模块或主机突然终止或检测到中断风暴时，反射器可以调用复位存根。如果由硬件设备执行错误的DMA操作，也可以调用复位存根。复位存根可以确保硬件立即停止未完成的DMA进一步传输，并且可以由用户模式驱动器模块调用。

2. 发明申请

US20090210888A1 SOFTWARE ISOLATED DEVICE DRIVER ARCHITECTURE 审中-公开
标题翻译：软件分离设备驱动架构
公开(公告)号：US20090210888A1
公开(公告)日：2009-08-20
申请号：US12030868
申请日：2008-02-14
申请人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
发明人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
IPC分类号： G06F9/54
CPC分类号： G06F9/4812 , G06F9/45558 , G06F2009/45579
摘要： A device driver includes a hypervisor stub and a virtual machine driver module. The device driver may access device registers while operating within a virtual machine to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the hypervisor stub may run an interrupt service routine and write information to shared memory. Control is passed to the virtual machine driver module by a reflector. The virtual machine driver module may then read the information from the shared memory to continue servicing the interrupt.
摘要翻译：设备驱动程序包括虚拟机管理程序存根和虚拟机驱动程序模块。设备驱动程序可以在虚拟机中运行时访问设备寄存器，以提高系统稳定性，同时在中断时提供来自系统的低延迟软件响应。在接收到中断时，管理程序存根可以运行中断服务程序并将信息写入共享存储器。控制通过反射器传递给虚拟机驱动程序模块。然后，虚拟机驱动器模块可以从共享存储器读取信息以继续服务中断。

3. 发明申请

US20090138625A1 SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE 有权
标题翻译：分离用户模式/ KERNEL模式设备驱动程序架构
公开(公告)号：US20090138625A1
公开(公告)日：2009-05-28
申请号：US11944436
申请日：2007-11-22
申请人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
发明人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
IPC分类号： G06F9/54 , G06F13/28 , G06F13/24
CPC分类号： G06F13/28 , G06F9/4812 , G06F9/545
摘要： A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt.
摘要翻译：设备驱动程序包括内核存根和用户模式模块。设备驱动程序可以在用户模式下操作时访问设备寄存器，以提高系统稳定性，同时在中断时从系统提供低延迟软件响应。收到中断后，内核存根可以运行中断服务程序并将信息写入共享存储器。控制由反射器传递给用户模式模块。然后，用户模式模块可以从共享存储器读取信息以继续维护中断。

4. 发明授权

US08185783B2 Split user-mode/kernel-mode device driver architecture 有权
标题翻译：拆分用户模式/内核模式设备驱动程序架构
公开(公告)号：US08185783B2
公开(公告)日：2012-05-22
申请号：US11944436
申请日：2007-11-22
申请人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
发明人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingsson , Martin Abadi , John Richardson
IPC分类号： G06F11/00
CPC分类号： G06F13/28 , G06F9/4812 , G06F9/545
摘要： A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt.
摘要翻译：设备驱动程序包括内核存根和用户模式模块。设备驱动程序可以在用户模式下操作时访问设备寄存器，以提高系统稳定性，同时在中断时从系统提供低延迟软件响应。收到中断后，内核存根可以运行中断服务程序并将信息写入共享存储器。控制由反射器传递给用户模式模块。然后，用户模式模块可以从共享存储器读取信息以继续维护中断。

5. 发明授权

US08434098B2 Synchronizing split user-mode/kernel-mode device driver architecture 有权
标题翻译：同步拆分用户模式/内核模式设备驱动程序架构
公开(公告)号：US08434098B2
公开(公告)日：2013-04-30
申请号：US12027274
申请日：2008-02-07
申请人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingson , Martin Abadi , John Richardson
发明人： Mingtzong Lee , Peter Wieland , Nar Ganapathy , Ulfar Erlingson , Martin Abadi , John Richardson
IPC分类号： G06F3/00 , G06F13/24 , G06F11/00
CPC分类号： G06F9/4812 , G06F9/545
摘要： A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant direct memory access DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module.
摘要翻译：设备驱动程序包括内核模式和用户模式模块。设备驱动程序可以在用户模式下操作时访问设备寄存器，以提高系统稳定性，同时在中断时从系统提供低延迟软件响应。设备驱动程序可以包括加载到操作系统中的内核存根，并且可以是写入的特定于设备的代码。存根可以由反射器调用来处理由存根捕获的异常。当用户模式模块或主机突然终止或检测到中断风暴时，反射器可以调用复位存根。如果由硬件设备执行错误的直接存储器访问DMA操作，则也可以调用复位存根。复位存根可以确保硬件立即停止未完成的DMA进一步传输，并且可以由用户模式驱动器模块调用。

6. 发明申请

US20100192026A1 IMPLEMENTATIONS OF PROGRAM RUNTIME CHECKS 审中-公开
标题翻译：方案运行检查的执行情况
公开(公告)号：US20100192026A1
公开(公告)日：2010-07-29
申请号：US12360259
申请日：2009-01-27
申请人： Martin Abadi , Ulfar Erlingsson , Daniel Luchaup , Marcus Peinado
发明人： Martin Abadi , Ulfar Erlingsson , Daniel Luchaup , Marcus Peinado
IPC分类号： G06F11/08
CPC分类号： G06F11/08
摘要： Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways.
摘要翻译：在指针取消引用之前，可以使用对程序的运行时检查来确定指针是否指向合法目标。跟踪合法的地址，例如地址采取的局部变量（ATLV），全局变量，堆位置，函数等，以便指针的合法目标是已知的。程序可以被转换，使得在取消引用指针之前，检查指针以确保它指向合法的地址。如果指针指向合法的地址，则可以进行取消引用。否则，可以调用错误例程。跟踪合法地址的一个示例方法是将地址采集的变量组合在一个特定的存储器地址范围或范围内，并在取消引用指针之前检查指针是否具有该范围内的值。但是，地址可以以其他方式跟踪。

7. 发明申请

US20060161978A1 Software security based on control flow integrity 失效
公开(公告)号：US20060161978A1
公开(公告)日：2006-07-20
申请号：US11036121
申请日：2005-01-14
申请人： Martin Abadi , Mihai-Dan Budiu , Ulfar Erlingsson , Jay Ligatti
发明人： Martin Abadi , Mihai-Dan Budiu , Ulfar Erlingsson , Jay Ligatti
IPC分类号： G06F12/14
CPC分类号： G06F21/54 , G06F21/52 , G06F21/566
摘要： Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between a source and a respective destination ensures control flow consistent with the control flow graph. Security measures are implemented when the comparison results in a mismatch, indicating that control flow has deviated from the anticipated course.

8. 发明授权

US08104021B2 Verifiable integrity guarantees for machine code programs 有权
标题翻译：可验证的机器代码程序完整性保证
公开(公告)号：US08104021B2
公开(公告)日：2012-01-24
申请号：US11450493
申请日：2006-06-09
申请人： Ulfar Erlingsson , Martin Abadi , Michael Vrable
发明人： Ulfar Erlingsson , Martin Abadi , Michael Vrable
IPC分类号： G06F9/45
CPC分类号： G06F21/52 , G06F12/1441
摘要： A verifier performs static checks of machine code to ensure that the code will execute safely. After verification is performed, the code is executed. The code modules generated by the rewriter and verified by the verifier prevent runtime code modifications so that properties established by the verifier cannot be invalidated during execution. Guards ensure that control flows only as expected. Stack data that must be shared within a code module, and which may therefore be corrupted during execution, is placed on a separate data stack. Other stack data remains on the regular execution stack, called the control stack. Multiple memory accesses can be checked by a single memory-range guard, optimized for fast access to the most-frequently used memory.
摘要翻译：验证者执行机器代码的静态检查，以确保代码将安全执行。执行验证后，执行代码。由重写器生成并由验证者验证的代码模块防止运行时代码修改，以便验证者建立的属性在执行过程中不能被无效。护卫员确保控制只能按预期方式流动。必须在代码模块中共享的堆栈数据，并且可能在执行期间被破坏的堆栈数据被放置在单独的数据堆栈上。其他堆栈数据保留在常规执行堆栈中，称为控制堆栈。多个存储器访问可以由单个存储器范围保护来检查，优化用于快速访问最常用的存储器。

9. 发明授权

US07870336B2 Operating system protection against side-channel attacks on secrecy 有权
标题翻译：操作系统防止侧向信道攻击的秘密
公开(公告)号：US07870336B2
公开(公告)日：2011-01-11
申请号：US11592808
申请日：2006-11-03
申请人： Ulfar Erlingsson , Martin Abadi
发明人： Ulfar Erlingsson , Martin Abadi
IPC分类号： G06F13/00
CPC分类号： G06F12/1441 , G06F12/0802 , G06F12/1027 , G06F12/1408
摘要： Unobservable memory regions, referred to as stealth memory regions, are allocated or otherwise provided to store data whose secrecy is to be protected. The stealth memory is prevented from exposing information about its usage pattern to an attacker or adversary. In particular, the usage patterns may not be deduced via the side-channels.
摘要翻译：被称为隐形存储器区域的不可观察的存储区域被分配或以其他方式提供以存储其保密性被保护的数据。隐身记忆被阻止将其使用模式的信息暴露给攻击者或对手。特别地，不能通过侧信道来推断使用模式。

10. 发明授权

US08136091B2 Architectural support for software-based protection 有权
标题翻译：基于软件保护的架构支持
公开(公告)号：US08136091B2
公开(公告)日：2012-03-13
申请号：US11700451
申请日：2007-01-31
申请人： Ulfar Erlingsson , Martin Abadi , Mihai-Dan Budiu
发明人： Ulfar Erlingsson , Martin Abadi , Mihai-Dan Budiu
IPC分类号： G06F9/44 , G06F9/45 , G06F11/00 , G06F7/04 , H04L29/06 , H04L9/32
CPC分类号： G06F12/1441 , G06F21/52
摘要： Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.
摘要翻译：描述了用于控制流完整性（CFI）和XFI内存保护的指令集架构（ISA）扩展支持。 ISA用单个指令替代了CFI防护码。以边界检查指示的形式为XFI提供ISA支持。与软件卫士相比，CFI和XFI的硬件支持提高了执行效率和简单性。此外，CFI指令的语义允许更精确的静态控制流程图编码，而不是以前的软件CFI实现。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式